Why Shellshock is bad news for the Internet of things

A major flaw in a piece of open source code that affects Mac OS X and Linux users has cybersecurity professionals scrambling to identify and patch vulnerable machines -- but embedded devices making up the so-called "Internet of Things" could be among the worst hit by the bug.

Dubbed "Shellshock" by some members of the IT security community, the issue affects "bash" -- an open source code used in Unix-based systems used since the 1980s. Bash is a type of shell code for user commands, meaning it serves as a sort of direct route to controlling systems that is built in at the operating system level. The National Institute of Standards and Technology's National Vulnerability Database scored the vulnerability as a "10," on a scale from one to 1o, on both impacts and exploitability. US-CERT also issued an advisory, saying "exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system."